[VIM] vendor dispute: 21565: phpBB Blog index.php permalink Variable SQL Injection (fwd)

security curmudgeon jericho at attrition.org
Fri Jan 13 08:14:09 EST 2006


I have mailed, asking that he test something else.

---------- Forwarded message ----------
From: Tony Boyd
To: moderators at osvdb.org
Date: Fri, 13 Jan 2006 04:58:16 -0800
Subject: [OSVDB Mods] [Change Request] 21565: phpBB Blog index.php permalink Variable SQL Injection

I believe your notice about SQL injection into phpBB Blog is incorrect.

As the author, I saw the advisory, and attempted to do as shown (append SQL to 
the URL string).  The SQL was not executed.

In addition, the advisory suggests that the script is not properly sanitizing 
user-supplied input to the "permalink" variable.  However, it is.  This line in 
blog.php sanitizes the data:

$perma_id = preg_replace("/[^0-9]/", "", $_GET['permalink']);

-Tony
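The filter quoted above, run over a few constructed inputs in an added example (this is illustrative code, not phpBB Blog's own): every non-digit is dropped, so an appended SQL fragment collapses to whatever digits it contained. The function names, the sample query, and the table and column names are assumptions; the only line taken from the mail is the preg_replace call.

```php
<?php
// Added example, not code from blog.php. Applies the same allow-list filter
// Tony quotes to constructed inputs and shows what reaches the query.

// Identical to the quoted line: remove every character that is not 0-9.
function sanitize_permalink(string $raw): string
{
    return preg_replace("/[^0-9]/", "", $raw);
}

// Stricter variant (assumption, not in the original): cast to int so an input
// with no digits yields 0 rather than an empty string, which would otherwise
// leave a numeric comparison such as "WHERE post_id = " syntactically broken.
function permalink_id(string $raw): int
{
    return (int) sanitize_permalink($raw);
}

// Constructed sample inputs; the injection-style strings are illustrative.
$samples = [
    "42",
    "42' OR '1'='1",         // quotes and keywords are stripped -> "4211"
    "42 UNION SELECT 1,2,3", // -> "42123": a different id, but still only digits
    "abc",                   // no digits at all -> "" (or 0 after the int cast)
];

foreach ($samples as $raw) {
    $clean = sanitize_permalink($raw);
    $id    = permalink_id($raw);
    // Hypothetical query: with only digits left, interpolating $id cannot
    // change the statement's structure, which is why the SQL never executed.
    $sql = "SELECT * FROM blog_posts WHERE post_id = " . $id;
    printf("%-24s -> '%s' -> %d -> %s\n", $raw, $clean, $id, $sql);
}
```

The digits of an injected fragment still get glued onto the id, so the filter guarantees structural safety of the query, not that the requested record is the one the user named.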
